Secure Key Rotation in Cloud

Abstract

The way we store and manage data has changed dramatically with the rise of cloud storage. However, keeping our data safe for the long haul requires us to stay vigilant. According to NIST, one important way to do this is by regularly changing the encryption keys that protect our data. A most naive approach to rotating key is to download all our data from the cloud, switch to a new key (decrypt all the data with the old key and then encrypt with the new key), and then upload everything again. However, for large amounts of data, this can be expensive and time-consuming. The above-stated problem can be solved by using Updatable Encryption (UE). It’s a clever method first introduced by Boneh et al [BLMR13], that makes key changes much easier, especially for cloud storage. With UE, we can send a small update token to the cloud, allowing it to switch our data from the old key to the new one without ever seeing what’s inside. This will not only save the bandwidth to download and upload huge amounts of data, but it will also save the computation power required for decryption and encryption. In this thesis, we’ll dive into existing research to see how practical and effective UE is for securing data in the cloud. We hope to show how this innovative approach could make cloud storage safer and more efficient for everyone by looking at what others have discovered and testing things out ourselves.